Alfi by Text.ai

TextAI Corporation ("Text.ai", "we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use the Alfi messaging service ("Service").

Data Controller

TextAI Corporation: 2261 Market Street STE 85011

San Francisco, CA 94114

United States

Data Protection Contact: data@text.ai

EU Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

European Union (EU)

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website:https://app.prighter.com/portal/14943179664

2. Information We Collect and Legal Basis

We collect personal data only when we have a lawful basis to do so. Below is a detailed breakdown of what we collect and why:

2.1 Identity Data

We collect:

Phone Number (for account creation, authentication, and user identification; retained for account lifetime + 30 days)

Display Name (for identifying you to other users in conversations; retained until you change/delete it)

Date of Birth (for age verification per our 13+ requirement; retained for account lifetime)

Profile Photo (optional personalization, shown to contacts; retained until you change/delete it)

Legal Basis: Contract (Art. 6(1)(b))

2.2 Communication Data

We collect:

Messages (for core messaging functionality; retained for account lifetime or until deleted)

Photos/Videos (for media sharing in conversations; retained for account lifetime or until deleted)

Message Metadata (timestamps, read receipts, delivery status; retained for account lifetime)

Legal Basis: Contract (Art. 6(1)(b))

2.3 Device & Technical Data

We collect:

Device Push Token (for sending push notifications; retained until logout or app uninstall) - Legal Basis: Consent (Art. 6(1)(a))

Device Type/OS (for service compatibility and debugging; retained for session duration) - Legal Basis: Legitimate Interest (Art. 6(1)(f))

App Version (for ensuring correct functionality; retained for session duration) - Legal Basis: Legitimate Interest (Art. 6(1)(f))

2.4 Contact Data (Optional)

We collect:

Imported Contacts (for finding friends on Alfi; stored locally and cleared on logout)

Legal Basis: Consent (Art. 6(1)(a))

Note: When you import contacts, only phone numbers are sent to our servers to check if they're existing Alfi users. Contact names and emails remain on your device only.

2.5 Analytics & Diagnostics

We collect:

Screen Views (for product improvement; retained 7 years via PostHog)

App Interactions (for feature usage analysis; retained 15 days via Datadog)

Crash Reports (for bug fixing and stability; retained 15 days via Datadog)

Performance Metrics (for service optimization; retained 15 days via Datadog)

Legal Basis: Legitimate Interest (Art. 6(1)(f))

Legitimate Interest Assessment: We have conducted a balancing test and determined that our legitimate interest in collecting analytics data does not override your rights, because: (a) the data is pseudonymized, (b) it has minimal impact on you, (c) it's necessary to maintain service quality, and (d) you can object via data@text.ai.

2.6 Events & Reminders

We collect:

Event Details (for calendar functionality; retained until you delete them)

Reminder Content (for reminder functionality; retained until you delete them)

Legal Basis: Contract (Art. 6(1)(b))

AI Processing Disclosure

3.1 How Our AI Works

Alfi includes an AI assistant feature that processes your messages to provide helpful responses. Here's how it works:

What the AI processes: Messages you send directly to the AI assistant

How it's processed: Your messages are analyzed to generate relevant responses

Automated decision-making: The AI generates responses automatically, but these have no legal or significant effect on you

Human oversight: AI responses are not reviewed by humans unless you report an issue

3.2 Your Control Over AI Processing

Incognito Mode: You can enable Incognito Mode in Settings. When enabled, the AI assistant has no access to your personal information or conversation history.

AI Personality Settings: You can customize how the AI responds to you.

3.3 AI Limitations

The AI assistant:

Is NOT a substitute for professional advice (medical, legal, financial)

Does NOT make decisions that legally affect you

May occasionally produce inaccurate information

Does NOT have access to messages you send to other users (only direct AI conversations)

4. How We Share Your Data

4.1 Service Providers (Data Processors)

We share data with the following third-party processors who help us operate the Service:

Stream: For infrastructure & reporting; shares User ID, name, avatar, messages, media; located in USA; transfers via EU-U.S. Data Privacy Framework

PostHog: For product analytics; shares User ID, screen views, interactions; located in USA; transfers via EU-U.S. Data Privacy Framework

Datadog: For monitoring & crash reporting; shares crash logs, performance data; located in USA; transfers via EU-U.S. Data Privacy Framework

AWS: For cloud storage (avatars); shares profile images; located in USA; transfers via EU-U.S. Data Privacy Framework

Apple (APNs): For iOS push notifications; shares device token; located in USA; transfers via EU-U.S. Data Privacy Framework

Google (FCM): For Android push notifications; shares device token; located in USA; transfers via EU-U.S. Data Privacy Framework

All processors are certified under the EU-U.S. Data Privacy Framework, which provides adequate protection for your data under EU law.

4.2 Other Users

When you use Alfi, other users can see:

Your display name

Your profile photo (if set)

Messages you send to them

4.3 Legal Requirements

We may disclose your data if required by law, court order, or to protect our legal rights.

5. International Data Transfers

Your data is transferred to and processed in the United States. We ensure adequate protection through:

EU-U.S. Data Privacy Framework: All our US-based processors are certified under the DPF, which the European Commission has recognized as providing adequate protection (Adequacy Decision of July 10, 2023).

You can verify our processors' DPF certification at dataprivacyframework.gov/list.

6. Data Retention

Account data: Retained for account lifetime + 30 days; deleted upon account deletion request

Messages: Retained for account lifetime; deleted upon account deletion or individual message deletion

Media (photos/videos): Retained for account lifetime; deleted upon account deletion or individual deletion

Events/Reminders: Retained until deleted by you; deleted upon user deletion

Analytics: Retained up to 7 years; deleted upon automatic expiration

Crash logs: Retained 14 days; deleted upon automatic expiration

Push tokens: Retained until logout; deleted upon logout or app uninstall

7. Your Rights (EU/EEA Users)

Under the General Data Protection Regulation (GDPR), you have the following rights:

Access: Get a copy of your personal data. Exercise by emailing data@text.ai.

Rectification: Correct inaccurate data. Exercise by editing in app or emailing data@text.ai.

Erasure ("Right to be Forgotten"): Request deletion of your data. Exercise by using "Delete Account" button in App Settings.

Restriction: Limit how we process your data. Exercise by emailing data@text.ai.

Data Portability: Receive your data in a portable format. Exercise by emailing data@text.ai.

Object: Object to processing based on legitimate interest. Exercise by emailing data@text.ai.

Withdraw Consent: Withdraw consent for consent-based processing. Exercise by disabling in app settings or emailing data@text.ai.

7.1 How to Exercise Your Rights

In-App: Use Settings > "Delete Account" for erasure requests

Email: Contact data@text.ai for all other requests

Response Time: We will respond within 30 days

7.2 Right to Lodge a Complaint

If you're unsatisfied with how we handle your data, you have the right to lodge a complaint with your local Data Protection Authority. A list of EU DPAs is available at edpb.europa.eu.

8. Children's Privacy

Alfi is not intended for children under 13 years of age.

Users aged 13-17 must have parental consent.

We do not knowingly collect data from children under 13.

If we learn we have collected data from a child under 13, we will delete it promptly.

Parents/guardians can contact data@text.ai to request deletion of a child's data.

9. Security Measures

We protect your data with:

Encryption in transit: All data transmitted using TLS/HTTPS

Secure storage: Sensitive data (tokens) stored in iOS Keychain / Android Keystore

Access controls: JWT authentication, OTP verification

Processor security: All processors maintain SOC 2 / ISO 27001 certifications

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy in the app

Updating the "Last Updated" date

Sending a notification for significant changes

Your continued use after changes constitutes acceptance.

11. Contact Information

For privacy inquiries and data requests:

Email: data@text.ai

Response time: Within 30 days

EU Representative

European Union (EU)

Prighter EU Rep GmbH

Schellinggasse 3/10, 1010 Vienna, Austria

Company Address:

TextAI Corporation: 2261 Market Street STE 85011

San Francisco, CA 94114

United States